{"id":"CVE-2018-7723","details":"The management panel in Piwigo 2.9.3 has stored XSS via the virtual_name parameter in a /admin.php?page=cat_list request, a different issue than CVE-2017-9836. CSRF exploitation, related to CVE-2017-10681, may be possible.","modified":"2026-04-11T18:10:47.494585Z","published":"2018-03-06T17:29:00.370Z","references":[{"type":"EVIDENCE","url":"https://github.com/summ3rf/Vulner/blob/master/Piwigo%20Store%20XSS.md"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/piwigo/piwigo","events":[{"introduced":"0"},{"last_affected":"f4be39d6581ea663431520a828b8b7ee1effd933"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"last_affected":"2.9.3"}],"source":"CPE_FIELD","cpe":"cpe:2.3:a:piwigo:piwigo:2.9.3:*:*:*:*:*:*:*"}}],"versions":["2.8.0RC1","2.8.0RC2","2.9.0","2.9.0RC1","2.9.0RC2","2.9.0beta1","2.9.0beta2","2.9.1","2.9.2","2.9.3"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-7723.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"}]}